We already know that any Web server listening on the loopback interface is a security risk, because it may be accessed by a browser or its extensions.
But the impact may be way bigger if this Web server is a MCP server 😱
https://blog.extensiontotal.com/trust-me-im-local-chrome-extensions-mcp-and-the-sandbox-escape-1875a0ee4823
But the impact may be way bigger if this Web server is a MCP server 😱
https://blog.extensiontotal.com/trust-me-im-local-chrome-extensions-mcp-and-the-sandbox-escape-1875a0ee4823
Comments